From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 13 Jul 2006 22:40:21 +0200
From: Fabrice Bellard
Subject: Re: [Qemu-devel] Fix for accept
In-reply-to: <44B61EBE.1090907@nomovok.com>
Message-id: <44B6AFB5.1080403@bellard.org>
References: <44B61EBE.1090907@nomovok.com>
List-Id: qemu-devel.nongnu.org
To: qemu-devel@nongnu.org

Hi,

OK for the bug report, but the fix is not correct because the problem is generic. [get|put]_user() and the other functions should be used everywhere to communicate with the "user" space and to generate the -EFAULT error if the address is not correct. For that purpose the host signal SIGSEGV can be caught and asm macros can be used to see if it is an expected seg fault (in this case [get|put]_user must return an error code) or if it is a QEMU bug.

Note that exactly the same system is used inside the Linux kernel and I don't think it is necessary to invent something else.

Regards,

Fabrice.

Pablo Virolainen wrote:
> The following code crashes qemu user emulation.
>
> #include <sys/socket.h>
> #include <stddef.h>
>
> int main(void) {
>     accept(0, NULL, NULL);
>     return 0;
> }
>
> Pablo Virolainen
>
>
> ------------------------------------------------------------------------
>
> Index: linux-user/syscall.c
> ===================================================================
> RCS file: /sources/qemu/qemu/linux-user/syscall.c,v
> retrieving revision 1.75
> diff -u -r1.75 syscall.c
> --- linux-user/syscall.c 27 Jun 2006 21:08:10 -0000 1.75
> +++ linux-user/syscall.c 13 Jul 2006 10:18:57 -0000
> @@ -878,9 +878,20 @@ > int sockfd = tgetl(vptr); > target_ulong target_addr = tgetl(vptr + n); > target_ulong target_addrlen = tgetl(vptr + 2 * n); > - socklen_t addrlen = tget32(target_addrlen); > - void *addr = alloca(addrlen); > - > + socklen_t addrlen=0; > + /* Just to get rid of compiler warnings */ > + ulong addrt=0; > + void *addr; > + > + get_user(addrlen,&target_addrlen); > + get_user(addrt,&target_addr); > + > + if (addrt!=0) { > + addr = alloca(addrlen); > + } else { > + addr = NULL; > + } > + > ret = get_errno(accept(sockfd, addr, &addrlen)); > if (!is_error(ret)) { > host_to_target_sockaddr(target_addr, addr, addrlen); > > > ------------------------------------------------------------------------ > > _______________________________________________ > Qemu-devel mailing list > Qemu-devel@nongnu.org > http://lists.nongnu.org/mailman/listinfo/qemu-devel
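Review bot: the two new lines `get_user(addrlen,&target_addrlen);` and `get_user(addrt,&target_addr);` pass the addresses of host-side locals, whereas the line they replace, `socklen_t addrlen = tget32(target_addrlen);`, dereferenced the guest pointer value stored in `target_addrlen`. As written the guest's addrlen is never fetched from guest memory and an invalid guest pointer is never touched, so the crash goes away without the fault ever being handled; the guest address itself (not `&target_addrlen`) is what the accessor needs, with its -EFAULT result propagated to `ret`. Two further points in the same hunk: `addr = alloca(addrlen);` still sizes a host stack allocation from an unchecked guest-supplied value, and the trailing context line `host_to_target_sockaddr(target_addr, addr, addrlen);` still runs when `addr` is NULL. A bound on `addrlen` (sizeof(struct sockaddr_storage) would do) before the alloca, and skipping the conversion when `addr == NULL`, would close both.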